Deep packet inspection used to stop censorship in new “Telex” scheme

University of Michigan researchers have developed technology that silently …

The Internet has become so economically important that few countries can afford to cut off access altogether. Instead, repressive regimes allow 'Net access, but try to block individual websites they don't want their populations to see. Some users, aided by allies in the West, use circumvention technologies like Web proxies or TOR to access forbidden information. This has led to a long-running cat-and-mouse game in which censorship opponents establish new proxies while censors race to identify and block them.

Researchers at the University of Michigan have developed technology that they hope can decisively tilt the playing field toward free speech. Their system, called Telex, is an "end-to-middle" proxy scheme. That is, rather than explicitly directing traffic to a proxy server, users "tag" traffic they want proxied and transmit it to an ordinary website that happens to have a Telex-enabled router between it and the user. The router recognizes the tag and silently redirects the packets to their real destination.

The trick is that the tags need to be encoded in a way that the Telex system can detect but that the censor cannot. Otherwise, the censor would simply block tagged traffic.

The system accomplishes this using a clever tweak to the TLS handshake that occurs whenever a browser initiates an encrypted Web connection. One of the steps in that handshake requires the client to choose a random bit string known as a "nonce." If a client wants Telex to redirect the connection, it uses Telex's public key to generate a steganographic "tag." The tag format is carefully chosen so that someone who knows the Telex private key will be able to recognize the tag efficiently—but no one else will be able to distinguish it from a random string.

The Telex system consists of "stations" connected to routers at various points in the Internet's architecture. The stations use deep packet inspection to monitor all the TLS handshakes that go across the wire and look for nonces that are Telex tags. Once the Telex station sees a tag, it hijacks the connection, sending a TCP reset command to the original destination and serving as a proxy between the client and its actual destination.

The beauty of this scheme, if implemented well, is that from the perspective of a censor near the end user, a Telex-proxied connection is indistinguishable from ordinary communication with a website that the censor considers innocuous. The authors envision a large-scale deployment in which most network routes out of the target country include at least one Telex-enabled router. Then the censor won't have any way to prevent, or even detect, traffic to websites it wishes to block—unless it cuts off all access to the Internet beyond its borders.

Could this be done at the scale required by real-world ISPs? "Widescale Telex deployment will likely require Telex stations to scale to thousands of concurrent connections, which is beyond the capacity of our prototype," the authors write.

But Alex Halderman, the Michigan computer science professor who led the Telex team, told Ars that the technology is very amenable to distributed approaches, which the team plans to investigate in future work. Also, the fact that Telex is implemented as separate devices attached to routers, rather than a function of the router itself, means Telex will "fail open." That is, if a station gets overwhelmed, the router will revert to the behavior of an ordinary, non-Telex router.

Who will deploy it?

Halderman said that once the engineering details are ironed out, government help will likely be needed to get a system like Telex off the ground. There's no obvious market incentive to adopt a system like Telex, but its deployment could serve the diplomatic interests of liberal democracies. So Western governments could provide subsidies, tax breaks, or other incentives for their domestic ISPs to participate. The cost of adopting Telex "would be relatively moderate compared to other international relations scale activities that governments do," Halderman said.

Governments can also provide political cover. "ISPs might not want to jump on board with this unless they know that other ISPs are going to do so," he said. "If you're a company that has international business, you're not going to want to be singled out." However, he said, if a Western government persuaded all of its ISPs to adopt Telex simultaneously, it would be much more difficult for repressive regimes to retaliate against any single ISP.

48 Reader Comments

The problem with this is if they need government support to get it running, they will never get it, because while they assume that the US government would like to have free speech on the internet, the government has shown the opposite intentions.

With the way that it would conflict with PROTECT IP, I don't see any way that the government would help get this off of the ground. If anything the recording/music industries will find some sort of patent or legal loophole in order to sue the creators/manufacturers into nonexistence.

I don't see how this would interfere with rightsholders' activities - they have never tried to IP block anybody. They try to take down sites at the source, and now in the US they seize domain names, and they track down and sue individual users, but none of those things would be impeded by Telex.

If the politicians could be convinced that this was a great PR move, circumventing the firewalls in Iran, etc, maybe it would actually happen. Since the western countries generally have the ability to get sites taken down and their operators arrested pretty much anywhere in the world, it wouldn't really affect their ability to censor, anyway.

In contrast with the first few posts here, I'm going to go the optimistic route. This feels like someone choosing to use their superpowers for good rather than evil. I mean, DPI used to stop censorship? Madness! Brilliant madness! Let all people have a voice on the world stage, and we have the chance to see our civilization rise to unimagined heights.

Assuming they're going to use a single private key, hacking it out of the physical hardware will be too easy a task for foreign opponents. Once they can recognize Telex TLS handshakes, the game is over.

Arstechnica commenters by far are the most pessimistic hyperbole-using downers that I've ever seen.

No, not really, it's just that (recent) history has taught us that if a group of influential men are given power they will misuse it sooner or later (usually sooner).

Using DPI to impede censorship would be all fine and dandy. But what if it's bound together with some good ol' CIA bookkeeping; you know there are basically 2 kinds of free speech in politics:

1) The kind that lands you on a terrorist list ("bad" free speech)
2) The kind that is appreciated mostly by pundits and hypocrites (ahem... "good" free speech)

And the two kinds are not mutually exclusive.

Anecdotal example: This year you publicly condemn human rights abuse in China and it's all fine and dandy. Next year you publicly complain about some TSA agent that grabbed your naughty bits and you get a late "surprise" visit from the "party van".

Difference being, those kinds of fears have been propagated for years now, decades even, none of which ever came to fruition.

I guess it just gets old hearing the same line over and over again; eventually you just tune it out.

Some people just want to be equated to having the same plight as the Chinese when what's going on in the USA isn't even close to what those people go through.

Lastly, that's one of the benefits to an armed public. If things in the US ever turn into a totalitarian type society you can bet your ass people are going to fight back.

Assuming they're going to use a single private key, hacking it out of the physical hardware will be too easy a task for foreign opponents. Once they can recognize Telex TLS handshakes, the game is over.

This is a detail I didn't get into in the article, but Halderman envisions that the client would have a large number of keys baked into it and rotated on a fixed schedule, like every 10 minutes. So capturing a station would only allow censors to block Telex connections for a short time.

"If things in the US ever turn into a totalitarian type society you can bet your ass people are going to fight back."

We have arbitrary indefinite detention, torture, destruction of habeas corpus, inability to travel without being searched, asset forfeiture, ECHELON surveillance of Internet and telephone networks... Just when exactly are you guys planning to start the resistance? Do we need to actually get to the gas chamber stage?

This is a detail I didn't get into in the article, but Halderman envisions that the client would have a large number of keys baked into it and rotated on a fixed schedule, like every 10 minutes. So capturing a station would only allow censors to block Telex connections for a short time.

Couldn't the public key be tagged though? And if they're rotating, wouldn't they just have to watch it for a while (until a loop happens) in order to stop them all? I like the idea, but I think it would require no interference in order to work perfectly. Once they figure out one of the ISPs who has it, I'd think they could just monitor that until they find the keys.

Also, how does the user get access to these things? Wouldn't they need some software or hardware themselves? I'd presume software, but I guess you could do it hardware wise if you wanted all your transmissions to be handled that way. I ask because, what would stop the oppressive governments from getting their hands on the hardware/software?

"If things in the US ever turn into a totalitarian type society you can bet your ass people are going to fight back."

We have arbitrary indefinite detention, torture, destruction of habeas corpus, inability to travel without being searched, asset forfeiture, ECHELON surveillance of Internet and telephone networks... Just when exactly are you guys planning to start the resistance? Do we need to actually get to the gas chamber stage?

How much of which actually applies to your ordinary US citizen?

I don't support the network surveillance, but even that only applies to people who are suspicious; they aren't monitoring millions of phone calls simultaneously.

The searches are at most a minor inconvenience.

Torture is no longer happening, and my point still stands, nothing compared to the plight of the average Chinese citizen who gets jailed for saying anything that would look bad on China.

This is a detail I didn't get into in the article, but Halderman envisions that the client would have a large number of keys baked into it and rotated on a fixed schedule, like every 10 minutes. So capturing a station would only allow censors to block Telex connections for a short time.

If they can't change private/public key pairs on the system as a whole, this is still a weak point. Regardless of how many keys you "bake" into the routers/servers, if they're static, they'll be divulged and used to block the Telex TLS handshakes.

If there was an update server for key pairs, the servers could be blocked by the government. If keys were generated on some algorithm, that could be reverse-engineered. Regardless of how the system will attempt to avoid censorship, a Telex router could be obtained and abused by a government to gather all of the private keys, as they are generated/updated, and block Telex TLS handshakes.

That's right AdamM, when you are called out for being naive, you don't try to adjust your stance to a realist perspective, you do what every true American does and double down to become super naive. That way you can dress in a nice spandex costume and have people call you "Captain Naive". Which is a superhero name that I'm sure would very much be in style if most of the bearers of that name weren't killed by villains who convinced them that they can use their naive superpowers to leap from tall buildings and fly.

"If things in the US ever turn into a totalitarian type society you can bet your ass people are going to fight back."

We have arbitrary indefinite detention, torture, destruction of habeas corpus, inability to travel without being searched, asset forfeiture, ECHELON surveillance of Internet and telephone networks... Just when exactly are you guys planning to start the resistance? Do we need to actually get to the gas chamber stage?

How much of which actually applies to your ordinary US citizen?

I don't support the network surveillance, but even that only applies to people who are suspicious; they aren't monitoring millions of phone calls simultaneously.

The searches are at most a minor inconvenience.

Torture is no longer happening, and my point still stands, nothing compared to the plight of the average Chinese citizen who gets jailed for saying anything that would look bad on China.

God you are near sighted. The whole freaking point is that China let it get so bad that they can no longer buck the regime. It has too much power and control. At this point, most of them have your mantra of "oh it's not that bad." So says the frog in his boiling pot.

Yeah you might not get disappeared in the USA for saying something against the government, but you better believe you get added to a list of some sort. Revolutionary talk? List. Support uncensored freedom of speech? List. Using encryption to keep your private conversations private? List. The whole point is that if the average, spineless person with nothing to hide used these sorts of anti-spying/censorship techniques, it no longer would look as strange when a brave soul uses such techniques to fight for your freedoms.

The point being, you can never be lethargic when it comes to freedoms, they must be used, like a muscle, or they fade away. So yes, we may not need censor resistant communication yet, and no, it's not as bad as China. But one day a time will come when we realize enough has been taken from us, that a line must be drawn. Wouldn't you rather be in shape when that time comes? Have the tools at your disposal, the knowledge to use them, and be confident in your ability to do so? Because if we wait until we look like China to explore such freedoms, it will be too late.

Saw this on slashdot the other day. A pretty cool piece of technology. Deployment would certainly be a problem, but an ISP that deploys heavily might end up getting more connections from out of network and be able to bill its partners for the cost.

I'm pretty sure if the US ever turns into a totalitarian type society, there'll be large percentages of its armed public cheering it on.

Sadly this is how it will end. Freedom being raped while the masses applaud.

AdamM wrote:

Lastly, that's one of the benefits to an armed public. If things in the US ever turn into a totalitarian type society you can bet your ass people are going to fight back.

I sincerely hope so. See my response to the poster in the above quote for what I think is really going to happen though.

metamatic wrote:

Just when exactly are you guys planning to start the resistance? Do we need to actually get to the gas chamber stage?

Sadly yes, yes we do. You know why? Because most people, i.e. the general populace, are stupid. It's not their fault. Their genes won't allow them to be anything but sheep. That being said we lead what to slaughter? Oh that's right. Lambs.

Now which governments are the ones that want to stop censorship of the internet?

My thoughts too. "it would be much more difficult for repressive regimes" Let's see, we have a department in government called the DOJ who can take your domain away within the US or outside the US, without going to court. Companies here that packet sniff, which then throttle you so much you quit going to the site or ban the site completely. Receive extortion letters claiming you have downloaded something without proof or going to court. Now that is just in the USA for starters, others can probably add to the list. Repressive doesn't always mean countries outside of N. America.

Arstechnica commenters by far are the most pessimistic hyperbole-using downers that I've ever seen.

... and you sir are a blind sheep so hop in line with the herd.

This is a great idea and a project that should be heavily backed....but it seems pretty counter-productive to go to any government (yes that means the US government as well..) and expect help on this. Sure - they may actually jump on board...so that they can learn this process and figure out how they will use the tool against the very people who wish to take advantage of the anonymity it provides. Especially now that businesses with their lobbyists as well as government agencies across the country are on a witch-hunt for Anons and Lulzsec members alike, they are not looking to HELP those types of groups out. This is not to suggest the only use for these types of applications is to provide cover for criminals...to jump to such conclusions is reckless and naive. Will not prove to be very effective if the government jumps on board and gains the tactical advantage of DPI over a network of 'anonymous' traffic...be interesting to see where this one goes

What would stop a nation state from identifying said Telex links and altering their routes to go out other links?

The fact (or rather, the hope) that most/all outbound links would have Telex capability. Also, as the routing table churns Telex-capable routers further away from the source would get switched in and out of the routes. Chances are somewhat improved because only one router between the source and the decoy destination has to cooperate, and it is not immediately obvious to the attacker which router that is.

Trying to keep a map from destination/next-hop pairs to Telex status reasonably up to date would be difficult at best.

This is a detail I didn't get into in the article, but Halderman envisions that the client would have a large number of keys baked into it and rotated on a fixed schedule, like every 10 minutes. So capturing a station would only allow censors to block Telex connections for a short time.

If they can't change private/public key pairs on the system as a whole, this is still a weak point. Regardless of how many keys you "bake" into the routers/servers, if they're static, they'll be divulged and used to block the Telex TLS handshakes.

If there was an update server for key pairs, the servers could be blocked by the government. If keys were generated on some algorithm, that could be reverse-engineered. Regardless of how the system will attempt to avoid censorship, a Telex router could be obtained and abused by a government to gather all of the private keys, as they are generated/updated, and block Telex TLS handshakes.

However you look at it, it's a flawed system.

I don't quite understand this response. When you say the update servers could be blocked by the government, I assume you mean the government engaging in censorship. Wouldn't the Telex servers and the update servers reside outside of that government's control? Isn't that the idea? Moreover, I would expect in that situation that the update servers would also be communicating with the Telex servers, which would imply that the government in question wouldn't be able to block that communication. In the case where a particular Telex server is compromised would it be possible to identify it and prevent any compromised Telex servers from receiving the update?

I think an argument against viability that sounds compelling is whether the powers that be will see this as a greater threat than a benefit. It's all well and good that the US wants to overcome Chinese censorship but will it do so at the cost of providing a tool for circumventing IP protection and child endangerment protection?

I am referring to foreign governments blocking access to the update servers from clients, not from Telex routers, though it is essentially the same meaning if a Telex router would be within the foreign nation, which is not the idea here, since they wouldn't even be able to access parts of the web which would be blocked.

Also, you're not accounting for the fact that clients would need new public keys to match the updated private keys. A client in a foreign nation can be blocked from reaching an update server to acquire new public keys, whereas the Telex routers outside of the hostile governments would be constantly updating their private keys -- eventually the client will not have a public key for which the private key is still active.

The paper says "we currently make the optimistic assumption that all packets for the client’s connection to Not-Blocked.com pass through some particular Telex station". This seems like a serious weakness to me. The censoring government could peer with many external ISPs and actively distribute the traffic for any session over many routes. Unless all the routes passed through Telex stations, and all of those stations shared Telex status, only a fraction of the packets would get through.

I am referring to foreign governments blocking access to the update servers from clients, not from Telex routers, though it is essentially the same meaning if a Telex router would be within the foreign nation, which is not the idea here, since they wouldn't even be able to access parts of the web which would be blocked.

Also, you're not accounting for the fact that clients would need new public keys to match the updated private keys. A client in a foreign nation can be blocked from reaching an update server to acquire new public keys, whereas the Telex routers outside of the hostile governments would be constantly updating their private keys -- eventually the client will not have a public key for which the private key is still active.

In the scheme Halderman outlined to me, there's no "update servers." The client would ship with, say, 5 years worth of keys baked in, to be rotated every 10 minutes. He says the keys are small enough that this wouldn't increase the size of the client binary very much. So no server-to-client communication would ever be required, aside from shipping a new binary every few years.

I don't understand how this would actually work on the censored user's end. If it's only installed outside the country that's doing the censoring, then they can still block the traffic before it gets out of the country. If it's a separate device it won't be installed inside the country. If the intent is to be able to seem to go to google.com but actually get data from another source, how does the user specify where they do want to go?

The point is that the tag in the TLS handshake would be so small/random/undetectable that the country wouldn't know whether or not a secret request was being made. In order to make this scheme work, I think most routers on the outside would need to be replaced with Telex ones, so it would be impossible for the country to simply block a few outside routers and commit censorship.

I am referring to foreign governments blocking access to the update servers from clients, not from Telex routers, though it is essentially the same meaning if a Telex router would be within the foreign nation, which is not the idea here, since they wouldn't even be able to access parts of the web which would be blocked.

Also, you're not accounting for the fact that clients would need new public keys to match the updated private keys. A client in a foreign nation can be blocked from reaching an update server to acquire new public keys, whereas the Telex routers outside of the hostile governments would be constantly updating their private keys -- eventually the client will not have a public key for which the private key is still active.

In the scheme Halderman outlined to me, there's no "update servers." The client would ship with, say, 5 years worth of keys baked in, to be rotated every 10 minutes. He says the keys are small enough that this wouldn't increase the size of the client binary very much. So no server-to-client communication would ever be required, aside from shipping a new binary every few years.

So then all that we're left with is the vulnerability of the router hardware. Assuming 5 years worth of keys, one for every period of 10 minutes, that's 262800 keys, and at, I dunno, 256 bytes for each key, that's 67.28MB for the lot.

Probably best that the client chooses a key at random, but then it becomes computationally prohibitive to test every key against every TLS handshake a router comes across (bad part), not to mention for censors (good part).

If they use a predictive model for key switching, it will become easier for both router and censor to recognize Telex TLS handshakes.

And they want governments/ISPs to adopt such a thing? TOR does well enough, doesn't it? I really can't see this as more than a hack.

Presumably, the Telex routers wouldn't have access to future keys. Here's one way it might be done. Every 10 minutes the router asks a central key server for the private key for the next 10 minutes. If a router is known to be compromised, said server refuses to give it any more keys. The server itself might not even have all the future keys, in case it too is compromised. Perhaps it keeps a day's worth of keys, refreshed daily from offline storage kept under tight physical security.

The clients, on the other hand, have all the public keys for the next 5 years. As long as the attacker can't obtain the future private keys, the best they would be able to do is steal the current private key from a router and detect Telex requests until at most 10 minutes after the compromise is discovered, or if they can compromise the key server they would be able to detect Telex requests until at most one day after discovery.

Timothy B. Lee / Timothy covers tech policy for Ars, with a particular focus on patent and copyright law, privacy, free speech, and open government. His writing has appeared in Slate, Reason, Wired, and the New York Times.